Gitlab

Result: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: glab-cli
Version: 1.0.0

The skill bundle provides access to the powerful `glab` CLI, including commands like `glab api` and `glab variable`. While these are legitimate functions for interacting with GitLab, their broad capabilities, particularly `glab api`, which allows arbitrary REST and GraphQL calls, present a significant attack surface for prompt injection against the AI agent. A malicious user could leverage these commands to perform unauthorized actions or exfiltrate data from GitLab, even though the `skill.md` itself does not contain explicit malicious instructions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could approve or merge code, change CI/CD variables, or create releases in GitLab if the user asks it to use these workflows.

Why it was flagged

These examples show that the skill may guide the agent to run GitLab commands that mutate project state. This is disclosed and aligned with the GitLab management purpose, but it is high-impact if run against the wrong project or without user confirmation.

Skill content

glab mr approve 55
glab mr merge 55
...
glab variable set MY_VAR "value"
glab release create v1.0.0 --notes "Release notes here"

Recommendation

Before mutating GitLab state, confirm the target project, merge request or issue ID, branch, variable name/value, and release details.

What this means

Commands may act with the same access level as the user's configured `glab` account, including access to private projects if that account has permission.

Why it was flagged

The skill uses GitLab API calls that run in the context of the current authenticated GitLab user. The artifacts do not show credential theft or token handling, but users should understand that actions use their existing GitLab permissions.

Skill content

glab api graphql -f query='\n  query {\n    currentUser { username }\n  }\n'

Recommendation

Use a properly scoped GitLab account or token, and verify that `glab` is authenticated to the intended GitLab instance and user.

Note (High Confidence)
ASI08: Cascading Failures

What this means

A wrong pipeline or release command could start jobs, publish artifacts, or affect deployment workflows.

Why it was flagged

Retrying CI/CD pipelines or creating releases can trigger downstream build, test, publish, or deployment processes. This is expected for a GitLab CI/CD skill, but mistakes can propagate beyond the immediate command.

Skill content

glab ci retry
...
glab release create v1.0.0 --notes "Release notes here"

Recommendation

Confirm branch, pipeline, environment, and release targets before running CI/CD or release commands.